Diffstat (limited to 'sepolicy/permission_check.te')
| -rw-r--r-- | sepolicy/permission_check.te | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/sepolicy/permission_check.te b/sepolicy/permission_check.te
new file mode 100644
index 0000000..05634c6
--- /dev/null
+++ b/sepolicy/permission_check.te
@@ -0,0 +1,53 @@
+# ==============================================
+# Policy File of /system/binpermission_check Executable File
+
+
+# ==============================================
+# Type Declaration
+# ==============================================
+
+type permission_check_exec , exec_type, file_type;
+type permission_check ,domain;
+
+# ==============================================
+# Android Policy Rule
+# ==============================================
+
+# ==============================================
+# NSA Policy Rule
+# ==============================================
+
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+#permissive permission_check;
+init_daemon_domain(permission_check)
+#unconfined_domain(permission_check)
+
+allow permission_check persist_md_prop: property_service set;
+
+allow permission_check init:unix_stream_socket connectto;
+allow permission_check nvram_data_file:dir { rw_dir_perms setattr };
+allow permission_check nvram_data_file:file { write create open setattr getattr };
+allow permission_check nvram_data_file:lnk_file read;
+allow permission_check nvdata_file:dir { rw_dir_perms setattr };
+allow permission_check nvdata_file:file { write create open setattr getattr };
+
+allow permission_check property_socket:sock_file write;
+
+allow permission_check protect_f_data_file:dir { read getattr open setattr search };
+allow permission_check protect_s_data_file:dir { read getattr open setattr search };
+allow permission_check protect_f_data_file:file { getattr setattr };
+allow permission_check protect_s_data_file:file { getattr setattr };
+
+allow permission_check self:capability { fowner chown dac_override fsetid };
+allow permission_check shell_exec:file { read execute open execute_no_trans };
+allow permission_check system_file:file { read getattr open execute execute_no_trans };
+
+allow permission_check ccci_cfg_file:dir create_dir_perms;
+allow permission_check ccci_cfg_file:file create_file_perms;
+
+allow permission_check mdlog_data_file:dir { read search setattr open };
+allow permission_check mdlog_data_file:fifo_file setattr;
+allow permission_check mdlog_data_file:file setattr;
\ No newline at end of file |
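Review bot: The `self:capability { fowner chown dac_override fsetid }` rule together with `execute_no_trans` on `shell_exec` and `system_file` means any shell or system binary this daemon spawns runs inside the `permission_check` domain with DAC checks bypassed, which is a much wider grant than fixing ownership and modes on the nvram, nvdata, protect_f/protect_s and mdlog trees would seem to need. If the daemon only chowns and chmods files, `chown`, `fowner` and `fsetid` should be enough, so try `allow permission_check self:capability { fowner chown fsetid };` and add `dac_override` back only if an audited denial shows it is required, with a comment naming the path. A one-line comment above the `shell_exec` rule stating which script or command is executed would let a later reviewer judge whether it can be narrowed. The header comment also reads `/system/binpermission_check`; it presumably should be `# Policy File of /system/bin/permission_check Executable File`.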
